0. Introduction


This paper deals with coset bounds for algebraic geometric codes and their applications to lower 
bounds for the minimum distance of AG codes as well as for thresholds of algebraic geometric secret 
sharing schemes. The work was motivated by two important recent results. The first is the complete 
description of the minimum distance of Hermitian two-point codes by Homma and Kim [1]. The second
is the introduction of algebraic geometric linear secret sharing schemes by Chen and Cramer [2].

For algebraic geometric codes, the actual value of the minimum distance is not a priori known 
and needs to be determined or estimated from the data used in the construction. The best known 
lower bounds for the minimum distance of an algebraic geometric code are the order bound and the 
floor bound. In this paper, we obtain improvements for the Beelen version of the order bound [3] 
and for the Lundell-McCullough version of the floor bound [4]. We note that at the time of revision 
the Lundell-McCullough floor bound has been extended and improved by Güneri, Stichtenoth and 
Taskin [5]. Beelen [3], and independently the second author [6], have shown that the order bound 
agrees, for Hermitian two-point codes, with the actual minimum distances found by Homma and Kim. 
To observe numerical improvements of our bounds over previously known bounds we use examples 
from Suzuki curves. 


* Corresponding author. 
E-mail addresses: duursma@math.uiuc.edu (I.M. Duursma), napsk71@kias.re.kr (S. Park). 
1 Current address: School of Computational Sciences, Korea Institute for Advanced Study (KIAS), Republic of Korea. 


1071-5797/$ - see front matter © 2009 Elsevier Inc. All rights reserved. 
doi:10.1016/j.ffa.2009.11.006


I.M. Duursma, S. Park / Finite Fields and Their Applications 16 (2010) 36-55 37 


An important application of secret sharing schemes is secure multi-party computation, which requires
linear secret sharing schemes with a multiplicative property [7,8]. Chen and Cramer proposed
to use one-point algebraic geometric codes for secret sharing and they have shown that the obtained 
algebraic geometric linear secret sharing schemes can be used for efficient secure computation over 
small fields [2]. Parties can reconstruct a secret uniquely from their shares only if the total number 
of shares exceeds the adversary threshold of the secret sharing scheme. The algebraic geometric construction
of a linear secret sharing scheme guarantees a lower bound for the adversary threshold. The
precise value of the threshold is in general not known. We show that the adversary threshold corresponds
to the minimum distance between cosets of a code. Our results give improved lower bounds
for distances between cosets of an algebraic geometric code, and therefore improved lower bounds 
for adversary thresholds of algebraic geometric linear secret sharing schemes. 

As our main results, we formulate an ABZ bound for codes and an ABZ bound for cosets. The bounds 
improve and generalize the Lundell-McCullough floor bound and the Beelen order bound, respectively. 
The bounds can be used as tools for constructing improved codes as well as improved secret sharing 
schemes. Our Main theorem is an even more general bound. Its main advantage is that it has a short 
proof and that all other bounds can be obtained as special cases. 

The floor bound is independent of the order bound. Algorithms are available for decoding up to 
half the order bound but not for decoding up to half the floor bound. Beelen [3] gives an example 
where the floor bound exceeds the order bound. For our generalizations there is a strict hierarchy. 
The improved order bound, obtained with the ABZ bound for cosets, is at least the ABZ bound for 
codes, which improves the floor bound. We show that decoding is possible up to half the bound in 
our main theorem, and therefore up to half of all our bounds. In particular, we obtain for the first 
time an approach to decode up to half the floor bound. 

In Section 1, we describe the use of linear codes for secret sharing and the relation between 
coset distances and adversary thresholds. Theorem 1.2 gives a general coset bound for linear codes. 
Appendix A gives a coset decoding procedure that decodes up to half the bound. Algebraic geometric 
codes are defined in Section 2. Theorem 2.4 gives the ABZ bound for algebraic geometric codes with 
a first proof based on the AB bound for linear codes. Section 3 gives a geometric characterization of 
coset distances for algebraic geometric codes. In Section 4 we define, for a divisor C and for a rational 
point P, a semigroup ideal 


$$\Gamma_P(C) = \{A : L(A) \neq L(A-P) \,\wedge\, L(A-C) \neq L(A-C-P)\}$$

such that the minimal degree for a divisor $A$ in $\Gamma_P(C)$ is a lower bound for the coset distance of an
algebraic geometric code. In Section 5, the main theorem gives a lower bound for the degree of a
divisor in the semigroup ideal (Theorem 5.3). The bound is formulated in terms of properties of the
complement

$$\Delta_P(C) = \{A : L(A) \neq L(A-P) \,\wedge\, L(A-C) = L(A-C-P)\}.$$


In Section 6, we explain the role of the divisor C for optimizing the order bound (Proposition 6.3). 
We formulate the ABZ bound for cosets (Theorem 6.5) and we describe its relation to both the order 
bound (Theorem 6.2) and the floor bound (Theorem 2.3). The material in this paper forms the first 
half of the preprint [9]. 


1. Cosets of linear codes

Let $F$ be a finite field. An $F$-linear code $\mathcal{C}$ of length $n$ is a linear subspace of $F^n$. The Hamming
distance between two vectors $x, y \in F^n$ is $d(x, y) = |\{i : x_i \neq y_i\}|$. The minimum distance of a nontrivial
linear code $\mathcal{C}$ is

$$\begin{aligned} d(\mathcal{C}) &= \min\{d(x, y) : x, y \in \mathcal{C},\ x \neq y\} \\ &= \min\{d(x, 0) : x \in \mathcal{C},\ x \neq 0\}. \end{aligned}$$

If $d(\mathcal{C}) \geq 2t+1$ and if $y \in F^n$ is at distance at most $t$ from $\mathcal{C}$ then there exists a unique word $c \in \mathcal{C}$
with $d(c, y) \leq t$.

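The Hamming distance between two nonempty subsets $X, Y \subset F^n$ is the minimum of $\{d(x, y) :
x \in X,\ y \in Y\}$. For a proper subcode $\mathcal{C}' \subset \mathcal{C}$, the minimum distance of the collection of cosets $\mathcal{C}/\mathcal{C}'$ is

$$\begin{aligned} d(\mathcal{C}/\mathcal{C}') &= \min\{d(x + \mathcal{C}', y + \mathcal{C}') : x, y \in \mathcal{C},\ x - y \notin \mathcal{C}'\} \\ &= \min\{d(x, 0) : x \in \mathcal{C},\ x \notin \mathcal{C}'\}. \end{aligned}$$

Lemma 1.1. If $d(\mathcal{C}/\mathcal{C}') \geq 2t + 1$ and if $y \in F^n$ is at distance at most $t$ from $\mathcal{C}$ then there exists a unique coset
$c + \mathcal{C}' \in \mathcal{C}/\mathcal{C}'$ with $d(c + \mathcal{C}', y + \mathcal{C}') \leq t$.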


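The dual code $\mathcal{D}$ of $\mathcal{C}$ is the maximal subspace of $F^n$ that is orthogonal to $\mathcal{C}$ with respect to the
standard inner product. To the extension of codes $\mathcal{C}/\mathcal{C}'$ corresponds an extension of dual codes $\mathcal{D}'/\mathcal{D}$
with distance parameter $d(\mathcal{D}'/\mathcal{D})$. For two vectors $x, y \in F^n$, let $x * y \in F^n$ denote the Hadamard or
coordinate-wise product of the two vectors.

Theorem 1.2 (Shift bound or coset bound). Let $\mathcal{C}/\mathcal{C}_1$ be an extension of $F$-linear codes with corresponding
extension of dual codes $\mathcal{D}_1/\mathcal{D}$ such that $\dim \mathcal{C}/\mathcal{C}_1 = \dim \mathcal{D}_1/\mathcal{D} = 1$. If there exist vectors $a_1, \ldots, a_w$ and
$b_1, \ldots, b_w$ such that

$$\begin{aligned} a_i * b_j &\in \mathcal{D} && \text{for } i + j \leq w, \\ a_i * b_j &\in \mathcal{D}_1 \setminus \mathcal{D} && \text{for } i + j = w + 1, \end{aligned}$$

then $d(\mathcal{C}/\mathcal{C}_1) \geq w$.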


Proof. For all $c \in \mathcal{C} \setminus \mathcal{C}_1$ and $a * b \in \mathcal{D}_1 \setminus \mathcal{D}$, $c$ is not orthogonal to $a * b$. To show the nonexistence
of a vector $c \in \mathcal{C} \setminus \mathcal{C}_1$ with $d(c, 0) < w$, it suffices to show, for any choice of $w - 1$ coordinates, the
existence of a vector $a * b \in \mathcal{D}_1 \setminus \mathcal{D}$ that is zero in those coordinates. The conditions show that the
vectors $a_1, \ldots, a_w$ are linearly independent, and there exists a nonzero linear combination $a$ of the
vectors $a_1, \ldots, a_w$ vanishing at $w - 1$ given coordinates (here we use that a system of $w - 1$ linear
equations in $w$ variables has a nonzero solution). If $i$ is maximal such that $a_i$ has a nonzero coefficient
in the linear combination $a$ then $a * b_{w+1-i} \in \mathcal{D}_1 \setminus \mathcal{D}$ is zero in the $w - 1$ coordinates.

Let $y \in F^n$ be a word at distance at most $t$ from $\mathcal{C}$. For given vectors $a_1, \ldots, a_w$ and $b_1, \ldots, b_w$
such that $w > 2t$, the unique coset $c + \mathcal{C}_1 \in \mathcal{C}/\mathcal{C}_1$ with $d(c + \mathcal{C}_1, y + \mathcal{C}_1) \leq t$ can be computed efficiently
with the coset decoding procedure in Appendix A. Theorem 1.2 can be used to estimate the minimum
distance $d(\mathcal{C}/\mathcal{C}')$ of an extension $\mathcal{C}/\mathcal{C}'$ with $\dim \mathcal{C}/\mathcal{C}' > 1$, after dividing $\mathcal{C}/\mathcal{C}'$ into subextensions.

Lemma 1.3. Let $\mathcal{C}/\mathcal{C}'$ be an extension of $F$-linear codes of length $n$. For $\mathcal{C} \supset \mathcal{C}'' \supset \mathcal{C}'$,

$$d(\mathcal{C}/\mathcal{C}') = \min\{d(\mathcal{C}/\mathcal{C}''),\ d(\mathcal{C}''/\mathcal{C}')\}.$$


We will now describe the use of code extensions for secret sharing. Our description focuses on 
the connection between secret sharing thresholds and coset distances. For the definition and main 
properties of a general linear secret sharing scheme we refer to [8]. Unless otherwise specified, all 
code extensions will be of codimension one. 

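Let $y_1 \in \mathcal{D}_1 \setminus \mathcal{D}$. For a secret $\lambda \in F$, and for a random vector $y \in \mathcal{D}$, the vector $s = \lambda y_1 + y$ is called
a vector of shares for $\lambda$. A subset $A \subset \{1, 2, \ldots, n\}$ is said to be qualified for $\mathcal{D}_1/\mathcal{D}$ if, for any given
vector $s = \lambda y_1 + y \in \mathcal{D}_1$, the coefficient $\lambda$ is uniquely determined by the values of $s$ on the subset of
coordinates $A$. Denote by $\Gamma(\mathcal{D}_1/\mathcal{D})$ the collection of subsets $A \subset \{1, 2, \ldots, n\}$ that are qualified for
$\mathcal{D}_1/\mathcal{D}$.

Lemma 1.4. For $A \subset \{1, 2, \ldots, n\}$, let $E_A$ denote the subspace of $F^n$ of words that have support in $A$, and let
$\bar{A}$ denote the complement of $A$ in $\{1, 2, \ldots, n\}$. Then

$$\{A : \mathcal{C} \cap E_A \neq \mathcal{C}_1 \cap E_A\} \subseteq \Gamma(\mathcal{D}_1/\mathcal{D}) \subseteq \{A : \mathcal{D}_1 \cap E_{\bar{A}} = \mathcal{D} \cap E_{\bar{A}}\}.$$

Proof. For the first inclusion, assume that $\mathcal{C} \cap E_A \neq \mathcal{C}_1 \cap E_A$ and let $r \in \mathcal{C} \setminus \mathcal{C}_1$ be a codeword with
support in $A$. Then, for any given vector $s = \lambda y_1 + y \in \mathcal{D}_1$, we can compute $r \cdot s$ using only the values
of $s$ on $A$. Moreover, $r \cdot s = r \cdot (\lambda y_1 + y) = \lambda (r \cdot y_1)$. And since $(r \cdot y_1) \neq 0$, we obtain $\lambda = (r \cdot s)/(r \cdot y_1)$.
For the other inclusion, assume that $\mathcal{D}_1 \cap E_{\bar{A}} \neq \mathcal{D} \cap E_{\bar{A}}$ and let $s' = y_1 + y \in \mathcal{D}_1 \setminus \mathcal{D}$ be a codeword
that is zero on $A$. Then the values on $A$ are the same for the vector $s = \lambda y_1 + y \in \mathcal{D}_1$ and for its
translates $s + \mu s'$. Thus $\lambda$ cannot be determined from the values of $s$ on $A$ and $A \notin \Gamma(\mathcal{D}_1/\mathcal{D})$.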


The inclusions in the lemma hold with equality. To see this we use the following duality. 


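Lemma 1.5. Let $A \subset \{1, 2, \ldots, n\}$. There exists a word $r \in \mathcal{C} \setminus \mathcal{C}_1$ with support in $A$ if and only if there exists
no word $s \in \mathcal{D}_1 \setminus \mathcal{D}$ with support in $\bar{A}$.

Proof. The exact sequences

$$0 \to \mathcal{C} \cap E_A / \mathcal{C}_1 \cap E_A \to \mathcal{C}/\mathcal{C}_1 \to \mathcal{C} + E_A / \mathcal{C}_1 + E_A \to 0,$$

$$0 \to \mathcal{D}_1 \cap E_{\bar{A}} / \mathcal{D} \cap E_{\bar{A}} \to \mathcal{D}_1/\mathcal{D} \to \mathcal{D}_1 + E_{\bar{A}} / \mathcal{D} + E_{\bar{A}} \to 0,$$

are in duality via $V \mapsto V^* = \mathrm{Hom}(V, F)$. And

$$(\dim \mathcal{C} \cap E_A / \mathcal{C}_1 \cap E_A) + (\dim \mathcal{D}_1 \cap E_{\bar{A}} / \mathcal{D} \cap E_{\bar{A}}) = \dim \mathcal{C}/\mathcal{C}_1 = 1.$$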


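Denote by $\Delta(\mathcal{D}_1/\mathcal{D})$ the collection of unqualified subsets for $\mathcal{D}_1/\mathcal{D}$. Together the lemmas give the
following characterization of qualified and unqualified subsets.

Theorem 1.6. Let $\mathcal{C}/\mathcal{C}_1$ and $\mathcal{D}_1/\mathcal{D}$ be dual extensions of $F$-linear codes of length $n$. For $A \subset \{1, 2, \ldots, n\}$, let
$E_A$ be the subset of $F^n$ of all vectors with support in $A$ and let $\bar{A} = \{1, 2, \ldots, n\} \setminus A$. Then

$$\begin{aligned} \{A : \mathcal{C} \cap E_A \neq \mathcal{C}_1 \cap E_A\} &= \Gamma(\mathcal{D}_1/\mathcal{D}) = \{A : \mathcal{D}_1 \cap E_{\bar{A}} = \mathcal{D} \cap E_{\bar{A}}\}, \\ \{A : \mathcal{D}_1 \cap E_{\bar{A}} \neq \mathcal{D} \cap E_{\bar{A}}\} &= \Delta(\mathcal{D}_1/\mathcal{D}) = \{A : \mathcal{C} \cap E_A = \mathcal{C}_1 \cap E_A\}. \end{aligned}$$

Moreover,

$$A \in \Gamma(\mathcal{C}/\mathcal{C}_1) \Leftrightarrow \bar{A} \in \Delta(\mathcal{D}_1/\mathcal{D}) \quad \text{and} \quad A \in \Delta(\mathcal{C}/\mathcal{C}_1) \Leftrightarrow \bar{A} \in \Gamma(\mathcal{D}_1/\mathcal{D}).$$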


Proof. With Lemma 1.5, the inclusions in Lemma 1.4 become equalities. The other claims follow
immediately.


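Corollary 1.7. The smallest qualified subset for $\mathcal{D}_1/\mathcal{D}$ is of size

$$\min\{|A| : A \in \Gamma(\mathcal{D}_1/\mathcal{D})\} = d(\mathcal{C}/\mathcal{C}_1).$$

The largest unqualified subset for $\mathcal{D}_1/\mathcal{D}$ is of size

$$\max\{|A| : A \in \Delta(\mathcal{D}_1/\mathcal{D})\} = n - d(\mathcal{D}_1/\mathcal{D}).$$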
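The following Python sketch is an added illustration, not code from the paper. It checks Theorem 1.6 and Corollary 1.7 by brute force on a small codimension-one extension over the field of 5 elements, and recovers a secret with the formula from the proof of Lemma 1.4. The generator rows, field size and all function names are constructed for this example.

```python
from itertools import combinations, product

P = 5   # field size; arithmetic is mod P, so P must be prime (assumption)
N = 6   # code length = number of players

# Constructed generators: C1 = <g1, g2>, C = C1 + <g3>, so dim C/C1 = 1.
G1 = [(1, 1, 1, 0, 0, 0), (0, 0, 0, 1, 1, 1)]
G = G1 + [(1, 0, 0, 1, 0, 0)]

def dot(x, y):
    return sum(a * b for a, b in zip(x, y)) % P

def span(gens):
    """All F_P-linear combinations of the generator rows."""
    return {tuple(sum(c * g[i] for c, g in zip(cs, gens)) % P for i in range(N))
            for cs in product(range(P), repeat=len(gens))}

def dual(gens):
    """Maximal subspace of F_P^N orthogonal to every generator."""
    return {v for v in product(range(P), repeat=N)
            if all(dot(v, g) == 0 for g in gens)}

C, C1 = span(G), span(G1)
D, D1 = dual(G), dual(G1)        # D is a subcode of D1 with dim D1/D = 1
Y1 = min(D1 - D)                 # any fixed y1 in D1 \ D will do

def coset_distance(big, small):
    """d(big/small): least Hamming weight of a word in big but not in small."""
    return min(sum(1 for x in w if x) for w in big - small)

def supported_in(word, A):
    return all(x == 0 or i in A for i, x in enumerate(word))

def qualified_by_definition(A):
    """True if the shares s = lam*y1 + y restricted to A always pin down lam."""
    idx = sorted(A)
    seen = {}
    for lam in range(P):
        for y in D:
            view = tuple((lam * Y1[i] + y[i]) % P for i in idx)
            if seen.setdefault(view, lam) != lam:
                return False     # two different secrets give the same shares on A
    return True

def qualified_by_code(A):
    """First set in Theorem 1.6: some r in C \\ C1 has support inside A."""
    return any(supported_in(r, A) for r in C - C1)

def qualified_by_dual(A):
    """Last set in Theorem 1.6: no s in D1 \\ D is supported in the complement of A."""
    comp = set(range(N)) - set(A)
    return not any(supported_in(s, comp) for s in D1 - D)

def all_subsets():
    return [frozenset(A) for k in range(N + 1) for A in combinations(range(N), k)]

def access_structure():
    """Split all player subsets into (qualified, unqualified) using the definition."""
    gamma = {A for A in all_subsets() if qualified_by_definition(A)}
    return gamma, set(all_subsets()) - gamma

def recover_secret(shares_on_A, A):
    """Lemma 1.4: lam = (r.s)/(r.y1) for a word r in C \\ C1 supported in A."""
    r = next(r for r in C - C1 if supported_in(r, A))
    r_dot_s = sum(r[i] * shares_on_A[i] for i in A) % P
    return r_dot_s * pow(dot(r, Y1), -1, P) % P

if __name__ == "__main__":
    gamma, delta = access_structure()
    print("smallest qualified:", min(map(len, gamma)),
          "d(C/C1):", coset_distance(C, C1))
    print("largest unqualified:", max(map(len, delta)),
          "n - d(D1/D):", N - coset_distance(D1, D))
```

In this constructed scheme subsets of size 2, 3 and 4 occur on both sides of the access structure, so the two distances in Corollary 1.7 bracket a range of sizes in which qualification depends on the subset itself.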
2. Algebraic geometric codes

Let $X/F$ be an algebraic curve (absolutely irreducible, smooth, projective) of genus $g$ over a finite
field $F$. Let $F(X)$ be the function field of $X/F$ and let $\Omega(X)$ be the module of rational differentials
of $X/F$. Given a divisor $E$ on $X$ defined over $F$, let $L(E)$ denote the vector space over $F$ of functions
$f \in F(X) \setminus \{0\}$ with $(f) + E \geq 0$ together with the zero function. The dimension of $L(E)$ is denoted
by $l(E)$. Let $\Omega(E)$ denote the vector space over $F$ of differentials $\omega \in \Omega(X) \setminus \{0\}$ with $(\omega) \geq E$ together
with the zero differential. Let $K$ represent the canonical divisor class.

For $n$ distinct rational points $P_1, \ldots, P_n$ on $X$ and for disjoint divisors $D = P_1 + \cdots + P_n$ and $G$,
the geometric Goppa codes $C_L(D, G)$ and $C_\Omega(D, G)$ are defined as the images of the maps

$$\alpha_L : L(G) \to F^n, \quad f \mapsto (f(P_1), \ldots, f(P_n)),$$

$$\alpha_\Omega : \Omega(G - D) \to F^n, \quad \omega \mapsto (\mathrm{res}_{P_1}(\omega), \ldots, \mathrm{res}_{P_n}(\omega)).$$

The maps establish isomorphisms $L(G)/L(G - D) \simeq C_L(D, G)$ and $\Omega(G - D)/\Omega(G) \simeq C_\Omega(D, G)$. With
the Residue theorem, the images are orthogonal subspaces of $F^n$. With the Riemann-Roch theorem
they are maximal orthogonal subspaces.

There exists a nonzero word in $C_L(D, G)$ with support in $A$, for $0 \leq A \leq D$, if and only if
$L(G - D + A)/L(G - D) \neq 0$. There exists a nonzero word in $C_\Omega(D, G)$ with support in $A$, for
$0 \leq A \leq D$, if and only if $\Omega(G - A)/\Omega(G) \neq 0$ if and only if $L(K - G + A)/L(K - G) \neq 0$.


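Proposition 2.1.

$$\begin{aligned} d(C_L(D, G)) &= \min\{\deg A : 0 \leq A \leq D \mid L(A - C) \neq L(-C)\}, && \text{for } C = D - G, \\ d(C_\Omega(D, G)) &= \min\{\deg A : 0 \leq A \leq D \mid L(A - C) \neq L(-C)\}, && \text{for } C = G - K. \end{aligned}$$

Theorem 2.2 (Goppa bound). A nonzero word in $C_L(D, G)$ has weight $w \geq \deg(D - G)$. A nonzero word in
$C_\Omega(D, G)$ has weight $w \geq \deg(G - K)$.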


The following bound improves on the Goppa bound in special cases. 


Theorem 2.3 (Floor bound). (See [4].) Let $G = K + C = A + B + Z$, for $Z \geq 0$ such that $L(A + Z) = L(A)$ and
$L(B + Z) = L(B)$. For $D$ with $D \cap Z = \emptyset$, a nonzero word in $C_\Omega(D, G)$ has weight at least $\deg C + \deg Z$.


Most algebraic bounds for the minimum distance of a linear code rely on one of two basic arguments.
In the paper [10] on cyclic codes they were named the AB bound and the Shift bound.
We obtain the following bound, which includes the floor bound, using the AB bound argument in 
combination with the Goppa bound. 


Theorem 2.4 (ABZ bound for codes). Let $G = K + C = A + B + Z$, for $Z \geq 0$. For $D$ with $D \cap Z = \emptyset$, a nonzero
word in $C_\Omega(D, G)$ has weight $w \geq l(A) - l(A - C) + l(B) - l(B - C)$.

Proof. We may assume that $A$ and $B$ are disjoint from $D$. Since $Z \geq 0$ and $D \cap Z = \emptyset$, the code
$C_L(D, G)$ contains the code $C_L(D, A + B)$ as a subcode. Thus $C_L(D, A) * C_L(D, B) \perp C_\Omega(D, G)$. Let
$c \in C_\Omega(D, G)$ have support $D' \leq D$. Since $c * C_L(D, A) \simeq C_L(D', A)$ and $c * C_L(D, B) \simeq C_L(D', B)$,

$$\begin{aligned} \deg D' = \dim(c * F^n) &\geq \dim(c * C_L(D, A)) + \dim(c * C_L(D, B)) \\ &= \dim(C_L(D', A)) + \dim(C_L(D', B)) \\ &= l(A) - l(A - D') + l(B) - l(B - D'). \end{aligned}$$

Since $c \in C_\Omega(D, G)$ has support $D'$, there exists a nonzero differential $\eta \in \Omega(G - D') \simeq L(D' - C)$, that
is, $L(D' - C) \neq 0$. Thus there exists an effective divisor $E \geq 0$ such that $D' - C \sim E$. Hence $l(A - C) =
l(A - D' + E) \geq l(A - D')$ and $l(B - C) = l(B - D' + E) \geq l(B - D')$. Therefore

$$\begin{aligned} \deg D' &\geq l(A) - l(A - D') + l(B) - l(B - D') \\ &\geq l(A) - l(A - C) + l(B) - l(B - C). \end{aligned}$$


It is easy to see, using the Riemann-Roch theorem, that the choice $Z = 0$ returns the Goppa bound.
Improvements of the Goppa bound are obtained only if the divisors $A$, $B$, and $Z$, are carefully chosen.
For the special case $L(A + Z) = L(A)$ and $L(B + Z) = L(B)$, we recover the floor bound. In that case,
for $K + C = A + B + Z$,

$$\begin{aligned} l(A) - l(A - C) + l(B) - l(B - C) &= l(A + Z) - l(K - B - Z) + l(B + Z) - l(K - A - Z) \\ &= \deg(A + Z) + \deg(B + Z) + 2 - 2g = \deg C + \deg Z. \end{aligned}$$


Example 2.5. The Suzuki curve over the field of 32 elements is defined by the equation $y^{32} + y =
x^4 (x^{32} + x)$. The curve has $32^2 + 1$ rational points and genus 124. For any two rational points $P$ and
$Q$, the divisors $41P$ and $41Q$ are equivalent and we denote their class by $H$. The canonical divisor
class $K = 6H$. For the code $C_\Omega(D, K + 9P + 9Q)$, the Goppa bound gives $d \geq 18$. An optimal choice
for the floor bound is $Z = 3P + 3Q$, $A = 2H + 6P + 6Q$ and $B = 4H$, which gives $d \geq 24$. An optimal
choice for the ABZ bound is $Z = 9P + 9Q$, $A = 2H$ and $B = 4H$. With $\dim L(2H)/L(2H - C) = 10$ and
$\dim L(4H)/L(4H - C) = 18$ it gives $d \geq 28$.


3. Cosets of algebraic geometric codes 


Let $\mathcal{D} = C_\Omega(D, G)$ and $\mathcal{C} = C_L(D, G)$ be dual algebraic geometric codes. For a rational point $P$
disjoint from $D = P_1 + \cdots + P_n$, let

$$\begin{aligned} \mathcal{D}_1/\mathcal{D} &= C_\Omega(D, G - P)/C_\Omega(D, G), \\ \mathcal{C}/\mathcal{C}_1 &= C_L(D, G)/C_L(D, G - P), \end{aligned}$$

be dual extensions of codes. When $\dim \mathcal{C}/\mathcal{C}_1 = \dim \mathcal{D}_1/\mathcal{D} = 1$, the extensions can be used for secret
sharing as described in Section 1. Let $\omega \in \Omega(G - D - P) \setminus \Omega(G - D)$. For a secret $s \in F$ and for a
random $\eta \in \Omega(G - D)$ the share of player $i$ is $s_i = s\,\mathrm{res}_{P_i}(\omega) + \mathrm{res}_{P_i}(\eta)$. A divisor $0 \leq A \leq D$ is called
qualified for $\mathcal{D}_1/\mathcal{D}$ if the shares $\{s_i : P_i \in \mathrm{supp}(A)\}$ determine $s$ uniquely. Let $f \in L(G) \setminus L(G - P)$. For
a secret $s \in F$ and for a random $h \in L(G - P)$ the share of player $i$ is $s_i = s f(P_i) + h(P_i)$. A divisor
$0 \leq A \leq D$ is called qualified for $\mathcal{C}/\mathcal{C}_1$ if the shares $\{s_i : P_i \in \mathrm{supp}(A)\}$ determine $s$ uniquely. The
quotients $\mathcal{D}_1/\mathcal{D}$ and $\mathcal{C}/\mathcal{C}_1$ are special cases of extensions of linear codes and Theorem 1.6 can be
used to determine their qualified and unqualified subsets. Proposition 3.1 and Proposition 3.2 give
equivalent descriptions in terms of divisors. For a divisor $0 \leq A \leq D$, let $E_A$ be the subset of $F^n$ of all
vectors that are zero outside $A$.


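Proposition 3.1. For the extension of codes $\mathcal{D}_1/\mathcal{D} = C_\Omega(D, G - P)/C_\Omega(D, G)$, where $D = P_1 + \cdots + P_n$ is
a sum of $n$ distinct rational points, $G$ is a divisor disjoint from $D$, and $P$ is a rational point disjoint from $D$,

$$\begin{aligned} \Gamma(\mathcal{D}_1/\mathcal{D}) &= \{0 \leq A \leq D : \mathcal{C} \cap E_A \neq \mathcal{C}_1 \cap E_A\} \\ &= \{0 \leq A \leq D : L(G - D + A) \neq L(G - D + A - P)\}, \\ \Delta(\mathcal{D}_1/\mathcal{D}) &= \{0 \leq A \leq D : \mathcal{C} \cap E_A = \mathcal{C}_1 \cap E_A\} \\ &= \{0 \leq A \leq D : L(G - D + A) = L(G - D + A - P)\}. \end{aligned}$$

Proposition 3.2. For the extension of codes $\mathcal{C}/\mathcal{C}_1 = C_L(D, G)/C_L(D, G - P)$, where $D = P_1 + \cdots + P_n$ is a
sum of $n$ distinct rational points, $G$ is a divisor disjoint from $D$, and $P$ is a rational point disjoint from $D$,

$$\begin{aligned} \Gamma(\mathcal{C}/\mathcal{C}_1) &= \{0 \leq A \leq D : \mathcal{D}_1 \cap E_A \neq \mathcal{D} \cap E_A\} \\ &= \{0 \leq A \leq D : \Omega(G - A - P) \neq \Omega(G - A)\}, \\ \Delta(\mathcal{C}/\mathcal{C}_1) &= \{0 \leq A \leq D : \mathcal{D}_1 \cap E_A = \mathcal{D} \cap E_A\} \\ &= \{0 \leq A \leq D : \Omega(G - A - P) = \Omega(G - A)\}. \end{aligned}$$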


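The propositions are related via the dualities $A \in \Gamma(\mathcal{D}_1/\mathcal{D})$ if and only if $D - A \in \Delta(\mathcal{C}/\mathcal{C}_1)$ and
$A \in \Gamma(\mathcal{C}/\mathcal{C}_1)$ if and only if $D - A \in \Delta(\mathcal{D}_1/\mathcal{D})$ (as in Theorem 1.6). The minimal degree of a divisor
$A \in \Gamma(\mathcal{D}_1/\mathcal{D})$ or $A \in \Gamma(\mathcal{C}/\mathcal{C}_1)$ is given by the coset distance $d(\mathcal{C}/\mathcal{C}_1)$ or $d(\mathcal{D}_1/\mathcal{D})$, respectively (as in
Corollary 1.7).

Proposition 3.3.

$$\begin{aligned} d(\mathcal{C}/\mathcal{C}_1) &= \min\{\deg A : 0 \leq A \leq D \mid L(A - C) \neq L(A - C - P)\}, && \text{for } C = D - G, \\ d(\mathcal{D}_1/\mathcal{D}) &= \min\{\deg A : 0 \leq A \leq D \mid L(A - C) \neq L(A - C - P)\}, && \text{for } C = G - K - P. \end{aligned}$$

This motivates the following definition. For a given divisor $C$ and a point $P$, let

$$\Gamma_P(C) = \{A : L(A) \neq L(A - P) \,\wedge\, L(A - C) \neq L(A - C - P)\},$$

and let $\gamma_P(C)$ be the minimal degree for a divisor $A \in \Gamma_P(C)$. So that $\gamma_P(C) \geq \max\{0, \deg C\}$.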


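Theorem 3.4. For the extensions of codes $\mathcal{D}_1/\mathcal{D} = C_\Omega(D, G - P)/C_\Omega(D, G)$ and $\mathcal{C}/\mathcal{C}_1 = C_L(D, G)/
C_L(D, G - P)$,

$$\begin{aligned} A \in \Gamma(\mathcal{D}_1/\mathcal{D}) &\Rightarrow \deg A \geq \gamma_P(D - G) \geq n - \deg G, \\ A \in \Delta(\mathcal{D}_1/\mathcal{D}) &\Rightarrow \deg A \leq n - \gamma_P(G - K - P) \leq n - \deg G + 2g - 1, \\ A \in \Gamma(\mathcal{C}/\mathcal{C}_1) &\Rightarrow \deg A \geq \gamma_P(G - K - P) \geq \deg G - 2g + 1, \\ A \in \Delta(\mathcal{C}/\mathcal{C}_1) &\Rightarrow \deg A \leq n - \gamma_P(D - G) \leq \deg G. \end{aligned}$$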


The lower bounds for $\deg A$ that are obtained with $\gamma_P(D - G)$ and $\gamma_P(G - K - P)$ use the assumption
$L(A) \neq L(A - P)$ instead of the stronger assumption $0 \leq A \leq D$. Thus, when the bound for $\deg A$
is not attained by divisors $A$ of the form $0 \leq A \leq D$, the bounds will not be optimal. Essentially, we
separate the problem of finding a small $A \in \Gamma(\mathcal{D}_1/\mathcal{D})$ into two parts: a geometric part that considers
all effective divisors $A$ not containing $P$, and an arithmetic part that verifies if $A$ can be represented
by a divisor with $0 \leq A \leq D$. Only the first part is considered in this paper.

We include an alternative geometric description of the qualified sets for $\mathcal{D}_1/\mathcal{D}$ and $\mathcal{C}/\mathcal{C}_1$. Let $P$
have multiplicity $e$ in $G$, and let $t$ be a fixed local parameter for $P$. For $\dim \mathcal{D}_1/\mathcal{D} = \dim \mathcal{C}/\mathcal{C}_1 = 1$, we
have isomorphisms

$$\begin{aligned} \Omega(G - D - P)/\Omega(G - D) &\to F, & \omega &\mapsto \mathrm{res}_P(t^{-e}\omega), \\ L(G)/L(G - P) &\to F, & f &\mapsto (t^e f)(P). \end{aligned}$$

Lemma 3.5. For $\omega \in \Omega(G - D - P)$, the residue $\mathrm{res}_P(t^{-e}\omega)$ is uniquely determined by the values
$\{\mathrm{res}_{P_i}(\omega) : P_i \in A\}$, for $0 \leq A \leq D$, if and only if $\Omega(G - D + A - P) = \Omega(G - D + A)$.

With $\Omega(G - D + A - P) = \Omega(G - D + A)$ if and only if $L(G - D + A) \neq L(G - D + A - P)$ the
subsets $A$ in the lemma agree with $\Gamma(\mathcal{D}_1/\mathcal{D})$ in Proposition 3.1.

Lemma 3.6. For $f \in L(G)$, the value $(t^e f)(P)$ is uniquely determined by the values $\{f(P_i) : P_i \in A\}$, for
$0 \leq A \leq D$, if and only if $L(G - A) = L(G - A - P)$.

With $L(G - A) = L(G - A - P)$ if and only if $\Omega(G - A - P) \neq \Omega(G - A)$ the subsets $A$ in the lemma
agree with $\Gamma(\mathcal{C}/\mathcal{C}_1)$ in Proposition 3.2.


4. Semigroup ideals 

Let $X/F$ be a curve over a field $F$ and let $\mathrm{Pic}(X)$ be the group of divisor classes. Let $\Gamma =
\{A : L(A) \neq 0\}$ be the semigroup of effective divisor classes. For a given rational point $P \in X$, let
$\Gamma_P = \{A : L(A) \neq L(A - P)\}$ be the semigroup of effective divisor classes with no base point at $P$. Call
$A \in \Gamma_P$ a $P$-denominator for the divisor class $C \in \mathrm{Pic}(X)$ if $A - C \in \Gamma_P$. So that $A - (A - C)$ expresses
$C$ as the difference of two effective divisor classes without base point at $P$. The $P$-denominators for
$C$ form the $\Gamma_P$-ideal

$$\Gamma_P(C) = \{A \in \Gamma_P : A - C \in \Gamma_P\}.$$

The ideal structure of the semigroup $\Gamma_P(C)$ amounts to the property $A + E \in \Gamma_P(C)$ whenever $A \in
\Gamma_P(C)$ and $E \in \Gamma_P$. The $\Gamma_P$-ideal of $P$-numerators for $C$ is the ideal

$$\Gamma_P(-C) = \{A \in \Gamma_P : A + C \in \Gamma_P\}.$$

Clearly, $A$ is a $P$-denominator for $C$ if and only if $A - C$ is a $P$-numerator for $C$, that is

$$A \in \Gamma_P(C) \Leftrightarrow A - C \in \Gamma_P(-C).$$

The minimal degree $\gamma_P(C)$ of a $P$-denominator for $C$ is defined as

$$\gamma_P(C) = \min\{\deg A : A \in \Gamma_P(C)\}.$$

The minimal degrees satisfy

$$\gamma_P(C) - \gamma_P(-C) = \deg C.$$

The denominator and numerator terminology is borrowed from the ideal interpretation of divisors.
Let $O$ be the ring of rational functions in $F(X)$ that are regular outside $P$. For effective divisors $A$
and $B$ disjoint from $P$, the fractional $O$-ideal $\bigcup_{i \geq 0} L(iP - (B - A)) = J I^{-1}$ is the quotient of the
integral $O$-ideals $J = \bigcup_{i \geq 0} L(iP - B)$ and $I = \bigcup_{i \geq 0} L(iP - A)$. To a denominator $A$ of smallest degree
corresponds an ideal $I$ of smallest norm.

If either $C \in \Gamma_P$ or $-C \in \Gamma_P$ then the conditions $A \in \Gamma_P$ and $A - C \in \Gamma_P$ are dependent.
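
Proposition 4.1. For a divisor $C$ on a curve $X$ of genus $g$, $\gamma_P(C) \geq \max\{0, \deg C\}$. Moreover,

$$\begin{aligned} \gamma_P(C) = 0 &\Leftrightarrow -C \in \Gamma_P \Leftrightarrow \Gamma_P(C) = \Gamma_P, \\ \gamma_P(C) = \deg C &\Leftrightarrow C \in \Gamma_P \Leftrightarrow \Gamma_P(-C) = \Gamma_P. \end{aligned}$$

The inequality is strict if and only if $C, -C \notin \Gamma_P$ only if $|\deg C| < 2g$.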


For suitable choices of the divisor $C$, the parameter $\gamma_P(C)$ gives a lower bound for the coset
distance of an algebraic geometric code (Proposition 3.3) and therefore bounds for the access structure
of an algebraic geometric linear secret sharing scheme (Theorem 3.4). Proposition 4.1 shows that we
can expect improvements over the trivial lower bound $\gamma_P(C) \geq \deg C$ that is used for Theorem 3.4
only if $P$ is a base point for the divisor $C$.

Let $S$ be a finite set of rational points that includes $P$. For $\Gamma_S = \bigcap_{Q \in S} \Gamma_Q$, let $\Gamma_P(C; S) = \Gamma_P(C) \cap
\Gamma_S = \{A \in \Gamma_S : A - C \in \Gamma_P\}$, and let $\gamma_P(C; S)$ be the minimal degree for a divisor $A \in \Gamma_P(C; S)$.


Lemma 4.2. For a given set of rational points $S$ that includes $P$, and for extensions of algebraic geometric codes
$C_\Omega(D, G - P)/C_\Omega(D, G)$ and $C_L(D, G)/C_L(D, G - P)$ defined with a divisor $D = P_1 + \cdots + P_n$ disjoint
from $S$,

$$\begin{aligned} d(C_L(D, G)/C_L(D, G - P)) &\geq \gamma_P(C; S), && \text{for } C = D - G, \\ d(C_\Omega(D, G - P)/C_\Omega(D, G)) &\geq \gamma_P(C; S), && \text{for } C = G - K - P. \end{aligned}$$


Proof. Proposition 3.3. 


To obtain similar estimates for the minimum distance of an algebraic geometric code, we use
Proposition 2.1. Define the $\Gamma_S$-ideals $\Gamma^*(C; S) \subset \Gamma(C; S)$,

$$\begin{aligned} \Gamma^*(C; S) &= \{A \in \Gamma_S : L(A - C) \neq L(-C)\}, \\ \Gamma(C; S) &= \{A \in \Gamma_S : L(A - C) \neq 0\}. \end{aligned}$$

Let $\gamma^*(C; S)$ (resp. $\gamma(C; S)$) denote the minimal degree for a divisor $A \in \Gamma^*(C; S)$ (resp. $A \in \Gamma(C; S)$).

Lemma 4.3. For a given set of rational points $S$, and for algebraic geometric codes $C_L(D, G)$ and $C_\Omega(D, G)$
defined with a divisor $D = P_1 + \cdots + P_n$ disjoint from $S$,

$$\begin{aligned} d(C_L(D, G)) &\geq \gamma^*(C; S) \geq \gamma(C; S), && \text{for } C = D - G, \\ d(C_\Omega(D, G)) &\geq \gamma^*(C; S) \geq \gamma(C; S), && \text{for } C = G - K. \end{aligned}$$

For $L(-C) = 0$, $\gamma^*(C; S) = \gamma(C; S)$.


Proof. Proposition 2.1. 


The condition $L(-C) = 0$ holds in all cases where the Goppa lower bound $d \geq \deg C$ (Theorem 2.2)
is positive. We give lower bounds for $\gamma(C; S)$ using lower bounds for $\gamma_P(C; S)$. With a minor modification,
we obtain lower bounds for $\gamma^*(C; S)$.

Lemma 4.4. Let $S$ be a finite set of rational points. For a divisor $C$, and for a rational point $P \in S$,

$$\begin{aligned} \Gamma(C; S) &= \Gamma_P(C; S) \cup \Gamma(C + P; S), \\ \Gamma^*(C; S) &\subset \Gamma_P(C; S) \cup \Gamma^*(C + P; S). \end{aligned}$$

Moreover, for $-C \in \Gamma_P$,

$$\Gamma^*(C; S) \subset \Gamma^*(C + P; S).$$

Proof. For the equality, $L(A - C) \neq 0$ if and only if $L(A - C) \neq L(A - C - P)$ or $L(A - C - P) \neq 0$. For
the inclusion, $L(A - C) \neq L(-C)$ only if $L(A - C) \neq L(A - C - P)$ or $L(A - C - P) \neq L(-C - P)$. Finally,
for $A \in \Gamma^*(C; S)$ such that $-C \in \Gamma_P$, we have $\dim L(A - C)/L(-C - P) > 1$, and thus $L(A - C - P) \neq
L(-C - P)$. So that $A \in \Gamma^*(C + P; S)$.

Proposition 4.5. Let $S$ be a finite set of rational points. For a divisor $C$, and for a rational point $P \in S$,

$$\begin{aligned} \gamma(C; S) &\geq \min\{\gamma_P(C; S),\ \gamma(C + P; S)\}, \\ \gamma^*(C; S) &\geq \min\{\gamma_P(C; S),\ \gamma^*(C + P; S)\} \setminus \{0\}. \end{aligned}$$

Proof. In general $\gamma^*(C; S) > 0$. And $\gamma_P(C; S) = 0$ only if $\gamma_P(C) = 0$ if and only if $-C \in \Gamma_P$, in which
case we can omit $\gamma_P(C; S)$ before taking the minimum.


5. Main theorem 


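For a given curve $X/F$, let $C \in \mathrm{Pic}(X)$ be a divisor class and let $P$ be a rational point on $X$. For the
semigroup $\Gamma_P = \{A : L(A) \neq L(A - P)\}$ and the $\Gamma_P$-ideal

$$\Gamma_P(C) = \{A \in \Gamma_P : A - C \in \Gamma_P\},$$

define the complement

$$\Delta_P(C) = \{A \in \Gamma_P : A - C \notin \Gamma_P\}.$$

Lemma 5.1.

$$\Delta_P(C) = \emptyset \Leftrightarrow \Gamma_P(C) = \Gamma_P \Leftrightarrow -C \in \Gamma_P.$$

Let $X$ be of genus $g$ and let $K$ represent the canonical divisor class.

Lemma 5.2. In general,

$$A \in \Delta_P(C) \Leftrightarrow K + C + P - A \in \Delta_P(C).$$

For $A \in \Delta_P(C)$,

$$\min\{0, \deg C\} \leq \deg A \leq \max\{2g - 1, \deg C + 2g - 1\}.$$

Proof. This follows from the definition together with the Riemann-Roch theorem.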


The following is the analogue of Theorem 1.2 in the language of divisors. 

Theorem 5.3 (Coset bound for divisors). Let $\{A_1 \leq A_2 \leq \cdots \leq A_w\} \subset \Delta_P(C)$ be a sequence of divisors with
$A_{i+1} \geq A_i + P$, for $i = 1, \ldots, w - 1$. Then $\deg A \geq w$, for every divisor $A \in \Gamma_P(C)$ with support disjoint from
$A_w - A_1$, that is

$$\gamma_P(C; A_w - A_1) \geq w.$$

Proof. Let $A \in \Gamma_P$. After replacing the sequence with an equivalent sequence if necessary, we may
assume that $A_1, A_2, \ldots, A_w$ are disjoint from $A$. We obtain two sequences of subspaces.

$$L(A_w) \supsetneq L(A_w - P) \supseteq L(A_{w-1}) \supsetneq L(A_{w-1} - P) \supseteq \cdots \supseteq L(A_2) \supsetneq L(A_2 - P) \supseteq L(A_1) \supsetneq L(A_1 - P),$$

$$\Omega(A_w - C) \subsetneq \Omega(A_w - C - P) \subseteq \Omega(A_{w-1} - C) \subsetneq \Omega(A_{w-1} - C - P) \subseteq \cdots \subseteq \Omega(A_2 - C) \subsetneq \Omega(A_2 - C - P) \subseteq \Omega(A_1 - C) \subsetneq \Omega(A_1 - C - P).$$

For $i = 1, 2, \ldots, w$, choose

$$f_i \in L(A_i) \setminus L(A_i - P) \quad \text{and} \quad \eta_i \in \Omega(A_i - C - P) \setminus \Omega(A_i - C).$$

Assume now that $A$ is of degree $\deg A < w$. Then there exists a nonzero linear combination $f$ of
$f_1, f_2, \ldots, f_w$ that vanishes on $A$ (as a divisor, $A$ is defined over the base field $F$, with the possibility
that some of the points in its support are defined over an extension of $F$; in particular, $f$ can be
obtained as a nonzero solution to a system of $\deg A \leq w - 1$ linear equations in $w$ unknowns for
a system of linear equations defined over $F$). If $f_i$ is the leading function in the linear combination
then $f \in L(A_i - A) \setminus L(A_i - A - P)$ and $f\eta_i \in \Omega(-C - P + A) \setminus \Omega(-C + A)$. Thus $A - C \notin \Gamma_P$ and
$A \notin \Gamma_P(C)$.


Example 5.4. Let $\mathcal{C} = C_\Omega(D, K + 9P + 9Q)$ be the code of Example 2.5 and let $\mathcal{C}_1 =
C_\Omega(D, K + 10P + 9Q)$ be a subcode of codimension one. We apply the theorem with $\Delta_P(C) =
\Delta_P(9P + 9Q)$. An optimal strictly increasing sequence of divisors in $\Delta_P(C)$ is given by

$$A_1 = 0 < \cdots < A_{18} = 109P < A_{19} = 112P + 9Q < \cdots < A_{45} = 256P + 9Q.$$

The beginning of the sequence consists of all divisors $0 \leq A \leq 109P$ with $L(A) \neq L(A - P)$ and $L(A) =
L(A - C)$. The remainder of the sequence consists of all divisors $112P + 9Q \leq A \leq 256P + 9Q$ with
the same properties. It follows that $\gamma_P(C) \geq 45$, and thus, with Lemma 4.2, that words in $\mathcal{C} \setminus \mathcal{C}_1$ have
weight at least 45.


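For a divisor $B$, let

$$\begin{aligned} \Delta_P(B, C) &= \{B + iP : i \in \mathbb{Z}\} \cap \Delta_P(C) \\ &= \{B + iP \in \Gamma_P,\ B - C + iP \notin \Gamma_P\}. \end{aligned}$$

Lemma 5.5. To the set $\Delta_P(B, C)$ corresponds a dual set

$$\begin{aligned} \Delta_P(B - C, -C) &= \{B - C + iP : i \in \mathbb{Z}\} \cap \Delta_P(-C) \\ &= \{B - C + iP \in \Gamma_P,\ B + iP \notin \Gamma_P\}, \end{aligned}$$

such that $\#\Delta_P(B, C) - \#\Delta_P(B - C, -C) = \deg C$. Furthermore,

$$\#\Delta_P(B, C) = \begin{cases} \deg C, & \text{if } C \in \Gamma_P, \\ 0, & \text{if } -C \in \Gamma_P. \end{cases}$$

In particular,

$$\#\Delta_P(B, C) = \begin{cases} \deg C, & \text{if } \deg C \geq 2g, \\ 0, & \text{if } \deg C \leq -2g. \end{cases}$$

Proof. For $i_0$ large enough,

$$\begin{aligned} \#\Delta_P(B, C) - \#\Delta_P(B - C, -C) &= \#\{i \leq i_0 : B + iP \in \Gamma_P,\ B - C + iP \notin \Gamma_P\} \\ &\quad - \#\{i \leq i_0 : B + iP \notin \Gamma_P,\ B - C + iP \in \Gamma_P\} \\ &= \sum_{i \leq i_0} \big(l(B + iP) - l(B + iP - P)\big) - \big(l(B - C + iP) - l(B - C + iP - P)\big) \\ &= \dim L(B + i_0 P) - \dim L(B - C + i_0 P) = \deg C. \end{aligned}$$

For the remainder use Lemma 5.1.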


Corollary 5.6. For any choice of divisor $B$, there is a pair of equivalent bounds

$$\gamma_P(C) \geq \#\Delta_P(B, C), \qquad \gamma_P(-C) \geq \#\Delta_P(B - C, -C).$$

Proof. For the first inequality, the elements $A_1, A_2, \ldots, A_w \in \Delta_P(B, C)$, ordered from lowest to highest
degree, meet the conditions of the theorem. Similar for the second inequality. Equivalence follows
from $\gamma_P(C) - \gamma_P(-C) = \deg C$ and the previous lemma.
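Lemma 5.5 and Corollary 5.6 can be checked numerically in the one-point case $B = 0$, $C = cP$, where $iP \in \Gamma_P$ exactly when $i$ is a pole number at $P$; this case is simpler than the two-point examples in the text. The Python below is an added illustration, not code from the paper. It assumes the pole numbers at $P$ form the numerical semigroup generated by 4 and 5 (genus 6), and all function names are this example's own.

```python
def semigroup_member(gens):
    """Membership test for the numerical semigroup generated by gens."""
    cache = {0: True}

    def member(i):
        if i < 0:
            return False
        if i not in cache:
            cache[i] = any(member(i - g) for g in gens)
        return cache[i]

    return member

GENS = (4, 5)                       # assumed pole-number semigroup H at P
IN_H = semigroup_member(GENS)
# For two coprime generators every gap lies below their product.
GAPS = [i for i in range(1, GENS[0] * GENS[1]) if not IN_H(i)]
GENUS = len(GAPS)                   # genus = number of gaps

def delta_set(c):
    """Indices i with iP in Delta_P(0, cP): i in H and i - c not in H."""
    lo, hi = min(0, c), max(0, c) + 2 * GENUS
    return [i for i in range(lo, hi + 1) if IN_H(i) and not IN_H(i - c)]

def dual_delta_set(c):
    """Indices i with (i - c)P in Delta_P(-cP, -cP): i - c in H and i not in H."""
    lo, hi = min(0, c), max(0, c) + 2 * GENUS
    return [i for i in range(lo, hi + 1) if IN_H(i - c) and not IN_H(i)]

def coset_bound(c):
    """Corollary 5.6 with B = 0: gamma_P(cP) >= #Delta_P(0, cP)."""
    return len(delta_set(c))

def lemma_5_5_holds(c):
    """#Delta_P(0, cP) - #Delta_P(-cP, -cP) = deg(cP) = c."""
    return len(delta_set(c)) - len(dual_delta_set(c)) == c

if __name__ == "__main__":
    for c in (6, 7, 11, 12):
        print(c, coset_bound(c), delta_set(c))
```

For the gap $c = 6$ the count is 8, which exceeds $\deg C = 6$, while for $c = 12 = 2g$ the count equals $\deg C$, as the last part of Lemma 5.5 states.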


Example 5.7. Let $\mathcal{C}/\mathcal{C}_1 = C_\Omega(D, K + 9P + 9Q)/C_\Omega(D, K + 10P + 9Q)$ as in Example 5.4. The corollary
restricts the choice of a sequence of divisors in $\Delta_P(C) = \Delta_P(9P + 9Q)$ to sequences that increase by
$P$ at each step. Under the restriction, an optimal strictly increasing sequence of divisors in $\Delta_P(C)$ is
given by

$$\Delta_P(0, 9P + 9Q) = \{A_1 = 0 < \cdots < A_{40} = 256P\}.$$

The sequence is of length 40 and the corollary therefore yields $d(\mathcal{C}/\mathcal{C}_1) \geq 40$.

Lemma 5.8. If $A \in \Gamma_P(E)$ and $E \in \Gamma_P(C)$ then $A \in \Gamma_P(C)$. For $E \in \Gamma_P(C)$,

$$\Delta_P(C) \subset \Delta_P(E).$$

Proof. The first claim is immediate from the definitions, in particular $A - E \in \Gamma_P$ and $E - C \in \Gamma_P$
implies $A - C \in \Gamma_P$. For $E \in \Gamma_P(C)$, the first claim shows that $A \notin \Gamma_P(E)$ whenever $A \notin \Gamma_P(C)$.

6. Order bound and floor bound

We unify and improve two known lower bounds for the minimum distance of an algebraic geometric
code. Let $S$ be a given set of rational points, and let $C_L(D, G)$ and $C_\Omega(D, G)$ be algebraic
geometric codes defined with a divisor $D = P_1 + \cdots + P_n$ disjoint from $S$. With Lemma 4.3,

$$\begin{aligned} d(C_L(D, G)) &\geq \gamma^*(C; S), && \text{for } C = D - G, \\ d(C_\Omega(D, G)) &\geq \gamma^*(C; S), && \text{for } C = G - K. \end{aligned}$$

Proposition 6.1. For rational points $Q_0, \ldots, Q_{r-1} \in S$, define divisors $C_0 \leq C_1 \leq \cdots \leq C_r$ such that $C_0 = C$
and $C_{i+1} = C_i + Q_i$, for $i = 0, \ldots, r - 1$. Then

$$\gamma^*(C; S) \geq \min\{\gamma_{Q_0}(C_0; S),\ \gamma_{Q_1}(C_1; S),\ \ldots,\ \gamma_{Q_{r-1}}(C_{r-1}; S),\ \gamma^*(C_r; S)\} \setminus \{0\}.$$

In general, $\gamma^*(C_r; S) \geq \deg C + r$.

Proof. Proposition 4.5 gives $\gamma^*(C_i; S) \geq \min\{\gamma_{Q_i}(C_i; S),\ \gamma^*(C_{i+1}; S)\} \setminus \{0\}$.


We give a formulation of the Beelen order bound for an algebraic geometric code Co(D, G) in 
the notation of the current paper. The theorem is given in its general form (combining [3, Remark 5, 
Definition 6, Theorem 7]). 


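Theorem 6.2 (Order bound). (See [3].) Let $C_\Omega(D, G)$ be an algebraic geometric code, and let $G = K + C$. For a
sequence of rational points $Q_0, \ldots, Q_{r-1}$ disjoint from $D$, let $C_0 = C$ and $C_{i+1} = C_i + Q_i$, for $i = 0, \ldots, r - 1$.

$$\mathcal{C}_0 = C_\Omega(D, K + C) \supseteq \mathcal{C}_1 = C_\Omega(D, K + C_1) \supseteq \cdots \supseteq \mathcal{C}_r = C_\Omega(D, K + C_r).$$

If $\mathcal{C}_i \neq \mathcal{C}_{i+1}$ then a word in $\mathcal{C}_i \setminus \mathcal{C}_{i+1}$ has weight $w \geq \#\Delta_{Q_i}(0, C_i)$. For $r$ large enough,

$$d(C_\Omega(D, G)) \geq \min\{\#\Delta_{Q_i}(0, C_i) : \mathcal{C}_i \neq \mathcal{C}_{i+1}\}.$$

More generally, for divisors $B_0, \ldots, B_{r-1}$,

$$d(C_\Omega(D, G)) \geq \min\{\#\Delta_{Q_i}(B_i, C_i) : \mathcal{C}_i \neq \mathcal{C}_{i+1}\}.$$

Proof. The order bound for the minimum distance combines Proposition 6.1 with the estimates
$\gamma_{Q_i}(C_i; S) \geq \gamma_{Q_i}(C_i) \geq \#\Delta_{Q_i}(B_i, C_i)$ in Corollary 5.6.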


The last part of the theorem allows a choice of divisors $B_0, \ldots, B_{r-1}$. The original formulation has as
extra condition that those divisors are disjoint from the divisor $D$ but this condition is not necessary.
We analyze the choice of the rational points $Q_0, Q_1, \ldots, Q_{r-1}$. In [3], the choice of the points is
unrestricted, and an example is given where the optimal lower bound is obtained with a choice of
$Q_i$ outside $G$. On the other hand, Proposition 4.1 shows that $\gamma_{Q_i}(C_i) \geq \deg C_i$. Thus, we may assume
that the minimum $\min\{\gamma_{Q_i}(C_i)\} \setminus \{0\}$ is taken over an interval $i = 0, 1, \ldots, r$ such that, for all $i$ in the
interval, either $\gamma_{Q_i}(C_i) = 0$ or $\gamma_{Q_i}(C_i) > \deg C_i$. With Proposition 4.1 this implies that either $-C_i \in \Gamma_{Q_i}$
or $C_i \notin \Gamma_{Q_i}$. In both cases, we can conclude, for $C_i \neq 0$, that $C_i \notin \Gamma_{Q_i}$, i.e. that $L(C_i) = L(C_i - Q_i)$. The
same conclusion can be reached with Lemma 5.5 if the argument is repeated for $\Delta_{Q_i}(B_i, C_i)$ instead
of $\gamma_{Q_i}(C_i)$. The following stronger result holds.
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Proposition 6.3. The maximum in the order bound is attained for a choice of rational points Qo, Q1,..., Qr—1 
such that, fori =0,1,...,r—1, either Ci = 0, or Qi, ..., Qr—1 are base points of the divisor C;. In particular, 
if Cj is a nonzero effective divisor, we may restrict the choice for Qj, ..., Qr—1 to rational points in the support 
of Ci. 


Proof. For $Q \in \{Q_i,\ldots,Q_{r-1}\}$, let $j$ be minimal in $\{i,\ldots,r-1\}$ such that $Q_j = Q$. If $C_j \neq 0$, we may
assume as explained above, that $C_j \notin \Gamma_Q$. With $E = Q_i + \cdots + Q_{j-1} \in \Gamma_Q$ and $C_j = C_i + E$ it follows
that $C_i \notin \Gamma_Q$. If $C_j = 0$ then either $i = j$, in which case $C_i = 0$, or $i < j$, in which case $\deg C_i < 0$ and
$C_i \notin \Gamma_Q$.


In [3, Example 8], the minimum distance lower bound for a code $C_\Omega(D,5P)$ on the Klein curve is
improved with a choice $Q_0 = P$, $Q_1 = Q \neq P$. For the example, $5P = K + 2P - Q$ and $6P = K + Q + R$,
so that $C_0 = 2P - Q$ and $C_1 = Q + R$. Indeed, with the proposition, we can expect improvements only
with $Q_1 = Q$ or with $Q_1 = R$.

To improve the order bound we apply the main theorem with a different format for the divisors
$A_1,\ldots,A_w$. Let

$$\Delta_P(\leq B, C) = \{B + iP \in \Gamma_P : B - C + iP \notin \Gamma_P \wedge i \leq 0\},$$

$$\Delta_P(\geq B + P, C) = \{B + iP \in \Gamma_P : B - C + iP \notin \Gamma_P \wedge i \geq 1\},$$

be a partition of the set $\Delta_P(B,C)$ into divisors of small and large degree.

Lemma 6.4.

$$\#\Delta_P(\leq B, C) = \dim L(B) - \dim L(B - C) + \#\Delta_P(\leq B - C, -C).$$


Proof. Similar to the proof of Lemma 5.5, but use ig = 0. 


Theorem 6.5 (ABZ bound for cosets). Let $C$ be a divisor and let $P$ be a rational point. For $G = K + C =
A + B + Z$, $Z \geq 0$,

$$\gamma_P(C; Z \cup P) \geq \#\Delta_P(\leq A, C) + \#\Delta_P(\leq B, C).$$


Proof. With Lemma 5.2, a divisor $A' \in \Delta_P(C)$ if and only if $K + C + P - A' \in \Delta_P(C)$. And $A' \leq A$ if and
only if $K + C + P - A' \geq K + C + P - A = B + P + Z$. The elements $A_1, A_2, \ldots, A_w \in \Delta_P(\leq B, C) \cup \Delta_P(\geq
B + P + Z, C)$, ordered from lowest to highest degree, meet the conditions of Theorem 5.3, with
$w = \#\Delta_P(\leq A, C) + \#\Delta_P(\leq B, C)$.


Example 6.6. As in Example 5.7, let $\mathcal{C} = C_\Omega(D, K + 9P + 9Q)$ and let $\mathcal{C}_1 = C_\Omega(D, K + 10P + 9Q)$.
We apply the order bound with $B_0 = B_1 = \cdots = B_{35} = 0$, $Q_0 = Q_1 = \cdots = Q_{17} = P$, and $Q_{18} = Q_{19} =
\cdots = Q_{35} = Q$. Example 5.7 gives the lower bound $d(\mathcal{C}/\mathcal{C}_1) \geq \#\Delta_P(0, 9P + 9Q) = 40$. Similarly, for
$\mathcal{C}_{18} = C_\Omega(D, K + 27P + 9Q)$,

$$d(\mathcal{C}_1/\mathcal{C}_{18}) \geq \min\{\#\Delta_P(0, 10P + 9Q), \ldots, \#\Delta_P(0, 26P + 9Q)\} = 50.$$

And, for $\mathcal{C}_{36} = C_\Omega(D, K + 27P + 27Q)$,

$$d(\mathcal{C}_{18}/\mathcal{C}_{36}) \geq \min\{\#\Delta_Q(0, 27P + 9Q), \ldots, \#\Delta_Q(0, 27P + 26Q)\} = 54.$$

The Goppa bound gives $d(\mathcal{C}_{36}) \geq 54$, and it follows that $d(\mathcal{C}_{18}) \geq 54$, $d(\mathcal{C}_1) \geq 50$, and $d(\mathcal{C}) \geq 40$. The
last three values are best possible for the order bound. Example 5.4 shows that $d(\mathcal{C}/\mathcal{C}_1) \geq 45$ and
thus $d(\mathcal{C}) \geq 45$. The sequence of divisors that was used to obtain the lower bound,

$$A_1 = 0 < \cdots < A_{18} = 109P < A_{19} = 112P + 9Q < \cdots < A_{45} = 256P + 9Q,$$

matches the format of the ABZ bound for cosets, with $K + C = A + B + Z$ for $K = 246P$, $C = 9P + 9Q$,
$A = 146P$, $B = 109P$, $Z = 9Q$, and $\#\Delta_P(\leq A, C) + \#\Delta_P(\leq B, C) = 27 + 18 = 45$.


The lower bound $\#\Delta_P(B,C)$ that is used for the order bound takes into account only the number
of divisors in a delta set $\Delta_P(B,C)$. The improved bounds in Theorem 6.5 are possible by considering
also the degree distribution of divisors in the delta set. For $Z = 0$, the bounds in the theorem include
those used in the order bound (Theorem 6.2). The floor bound (Theorem 2.3) sometimes exceeds the 
order bound. The ABZ bound for codes (Theorem 2.4) gives an improvement and generalization of 
the floor bound. We show that the bounds in the theorem not only include those obtained with the 
order bound but also those obtained with the ABZ bound for codes. In each case, the coset decoding 
procedure in Appendix A decodes efficiently up to half the bound. 


Theorem 6.7 (ABZ bound for codes). Let $G = K + C = A + B + Z$, for $Z \geq 0$. For $D$ with $D \cap Z = \emptyset$, a nonzero
word in $C_\Omega(D,G)$ has weight $w \geq l(A) - l(A - C) + l(B) - l(B - C)$.


Proof. Let $P$ be a rational point on the curve not in the support of $D$, if necessary it can be chosen
over an extension field. We use Proposition 6.1 with $S = Z \cup P$ and $Q_0 = Q_1 = \cdots = Q_{r-1} = P$.

$$\gamma^*(C;S) \geq \min\{\gamma_P(C;S), \gamma_P(C+P;S), \ldots, \gamma_P(C+(r-1)P;S), \gamma^*(C+rP;S)\} \setminus \{0\}.$$

Now use Theorem 6.5 with $K + C + iP = A + B + (Z + iP)$,

$$\gamma_P(C+iP;S) \geq \#\Delta_P(\leq A, C+iP) + \#\Delta_P(\leq B, C+iP).$$

With Lemma 6.4,

$$\gamma_P(C+iP;S) \geq l(A) - l(A - C - iP) + l(B) - l(B - C - iP)
\geq l(A) - l(A - C) + l(B) - l(B - C).$$

Hence, by taking $r$ large enough, $\gamma^*(C;S) \geq l(A) - l(A - C) + l(B) - l(B - C)$.


Neither the ABZ bound for codes, nor the ABZ bound for cosets gives an improvement in general.
For $Z = 0$, both bounds return previously known bounds, namely the Goppa bound and the order
bound, respectively. For carefully chosen nontrivial $Z$, there are possible improvements. If we apply
Lemma 6.4 with both $A$ and $B$,

$$\#\Delta_P(\leq A, C) = \dim L(A) - \dim L(A - C) + \#\Delta_P(\leq A - C, -C),$$

$$\#\Delta_P(\leq B, C) = \dim L(B) - \dim L(B - C) + \#\Delta_P(\leq B - C, -C),$$

and add the two equations, then we see that the improvement of the ABZ coset bound applied to
$G = K + C = A + B + Z$ over the floor bound applied to $G = K + C = A + B + Z$ is given by the ABZ
coset bound applied to the dual decomposition $G' = K - C = (A - C) + (B - C) + Z$. For $Z = 0$, we
recover that the improvement of the order bound applied to $G = K + C$ over the Goppa bound $\deg C$
is given by the order bound applied to $G' = K - C$ (Lemma 5.5 and Corollary 5.6).

Example 6.8. As in Example 6.6, let $\mathcal{C} = C_\Omega(D, K + 9P + 9Q)$ and let $\mathcal{C}_1 = C_\Omega(D, K + 10P + 9Q)$.
The ABZ bound for codes in Example 2.5 gives $d(\mathcal{C}) \geq 28$, for $A = 4H = 164P$, $B = 2H = 82P$, $Z =
9P + 9Q$. For this choice of $A$, $B$ and $Z$, the ABZ bound for cosets gives $d(\mathcal{C}/\mathcal{C}_1) \geq 31 + 12 = 43$.

$$\#\Delta_P(\leq A, C) = 31, \quad \dim L(A) - \dim L(A - C) = 18, \quad \#\Delta_P(\leq A - C, -C) = 13,$$

$$\#\Delta_P(\leq B, C) = 12, \quad \dim L(B) - \dim L(B - C) = 10, \quad \#\Delta_P(\leq B - C, -C) = 2.$$

The ABZ bound for cosets in Example 6.6 gives $d(\mathcal{C}/\mathcal{C}_1) \geq 45$, for $A = 146P$, $B = 109P$, $Z = 9Q$. For
this choice of $A$, $B$ and $Z$, the ABZ bound for codes gives $d(\mathcal{C}) \geq 14 + 11 = 25$.

$$\#\Delta_P(\leq A, C) = 27, \quad \dim L(A) - \dim L(A - C) = 14, \quad \#\Delta_P(\leq A - C, -C) = 13,$$

$$\#\Delta_P(\leq B, C) = 18, \quad \dim L(B) - \dim L(B - C) = 11, \quad \#\Delta_P(\leq B - C, -C) = 7.$$

In general, the ABZ bound for cosets $d(\mathcal{C}/\mathcal{C}_1)$ is at least the ABZ bound for codes $d(\mathcal{C})$, for the same
choice of $A$, $B$ and $Z$. But the optimal choices for $A$, $B$ and $Z$ need not be the same for the two
bounds.


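We consider the special case of the order bound with $B_0 = \cdots = B_{r-1} = 0$ and $Q_0 = \cdots
= Q_{r-1} = P$. For codes of the form $C_L(D, \rho P)^\perp = C_\Omega(D, \rho P)$ or of the form $C_L(D, K + P + \rho P)^\perp =
C_\Omega(D, K + P + \rho P)$ the resulting bound can be formulated entirely in terms of the numerical semigroup
$H$ of Weierstrass $P$-nongaps. For the first code use $C = \rho P - K$, and for the second $C = \rho P + P$.
For the delta sets we obtain

$$\gamma P \in \Delta_P(\rho P - K) \;\Leftrightarrow\; \gamma P \in \Gamma_P \wedge K + \gamma P - \rho P \notin \Gamma_P
\;\Leftrightarrow\; \gamma \in H \wedge \rho - \gamma + 1 \in H,$$

$$\gamma P \in \Delta_P(\rho P + P) \;\Leftrightarrow\; \gamma P \in \Gamma_P \wedge \gamma P - \rho P - P \notin \Gamma_P
\;\Leftrightarrow\; \gamma \in H \wedge \gamma - \rho - 1 \notin H.$$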

The first of the two bounds in the following theorem is the Feng-Rao bound [11,12]. The second
bound is different when the canonical divisor $K \not\sim (2g - 2)P$.


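Theorem 6.9 (Feng-Rao bound). Let $H$ be the semigroup of Weierstrass $P$-nongaps.

$$d(C_L(D, \rho P)^\perp) \geq \min\{\#A[\rho'] : \rho' > \rho\} \setminus \{0\},$$

where $A[\rho] = \{\gamma \in H \mid \rho - \gamma \in H\}$.

$$d(C_L(D, K + \rho P + P)^\perp) \geq \min\{\#B[\rho'] : \rho' > \rho\} \setminus \{0\},$$

where $B[\rho] = \{\gamma \in H \mid \gamma - \rho \notin H\}$.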


Proof. Apply Proposition 6.1 with the given delta sets. 
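
As an added illustration (not part of the paper), the two semigroup bounds of Theorem 6.9 can be evaluated directly from generators of $H$, with A[rho] the set of nongaps gamma such that rho - gamma is a nongap, and B[rho] the set of nongaps gamma such that gamma - rho is not a nongap. The function names, the element name gamma and the sample semigroups generated by 4, 5 and by 3, 4, 5 are assumptions made for the example; the second semigroup is not symmetric, which is the case in which the two bounds differ.

```python
def semigroup(gens):
    """Return (is_nongap, g, c) for the numerical semigroup generated by gens
    (gcd 1 assumed): membership test, number of gaps g, conductor c."""
    m, run, n = min(gens), 0, 0
    elems, gaps = {0}, []
    while run < m:  # after m consecutive nongaps every larger integer is a nongap
        n += 1
        if any((n - a) in elems for a in gens):
            elems.add(n)
            run += 1
        else:
            gaps.append(n)
            run = 0
    c = gaps[-1] + 1 if gaps else 0
    return (lambda x: x >= c or x in elems), len(gaps), c


def size_A(H, rho):
    """#A[rho] for A[rho] = {gamma in H : rho - gamma in H}."""
    return sum(1 for x in range(rho + 1) if H(x) and H(rho - x))


def size_B(H, rho, g):
    """#B[rho] for B[rho] = {gamma in H : gamma - rho not in H}."""
    # gamma - rho is negative or a gap, and every gap is at most 2g - 1
    return sum(1 for x in range(rho + 2 * g) if H(x) and not H(x - rho))


def feng_rao(gens, rho):
    """Smallest nonzero #A[r] over all r > rho (first bound)."""
    H, g, c = semigroup(gens)
    top = max(rho + 1, 2 * c)  # #A[r] = r + 1 - 2g, increasing, once r >= 2c - 1
    return min(a for r in range(rho + 1, top + 1) if (a := size_A(H, r)) > 0)


def second_bound(gens, rho):
    """Smallest nonzero #B[r] over all r > rho (second bound)."""
    H, g, c = semigroup(gens)
    top = max(rho + 1, c)  # #B[r] = r, increasing, once r >= c
    return min(b for r in range(rho + 1, top + 1) if (b := size_B(H, r, g)) > 0)


if __name__ == "__main__":
    for gens in ([4, 5], [3, 4, 5]):  # constructed sample semigroups
        H, g, c = semigroup(gens)
        print(gens, "g =", g, "symmetric:", c == 2 * g)
        for rho in range(2 * g):
            print(rho, size_B(H, rho, g), size_A(H, rho + 2 * g - 1))
```

For the symmetric semigroup generated by 4 and 5 the two columns printed for each rho agree, so the second bound is the first one shifted by 2g - 1; for the semigroup generated by 3, 4, 5 they differ.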

7. Concluding remark


Both problems of finding the lower bound for the adversary threshold of an algebraic geometric 
linear secret sharing scheme and the lower bound for the minimum distance of an algebraic geometric 
code can be approached as a geometric approximation problem: Given a divisor on an algebraic curve, 
represent the divisor as a difference of two effective divisors such that the effective divisors are each 
disjoint from a given set S and find lower bounds for the degrees of the effective divisors in such a 
representation. In other words, for a given curve X and divisor class C, find the lower bounds on the 
degree of a divisor A such that A and A — C belong to specified semigroups of divisors. For suitable 
choices of the semigroups we obtain (1) lower bounds for the size of a party A that can recover 
the secret in an algebraic geometric linear secret sharing scheme with adversary threshold C, and (2) 
lower bounds for the support A of a codeword in a geometric Goppa code with designed minimum 
support C. 


Appendix A. Coset decoding 


For a given vector $y \in \mathbb{F}^n$, and for an extension of linear codes $\mathcal{C}' \subset \mathcal{C} \subset \mathbb{F}^n$, coset decoding
determines the cosets of $\mathcal{C}'$ in $\mathcal{C}$ that are nearest to the vector $y$. If $y$ is at distance $d(y,\mathcal{C}) \leq t$ from $\mathcal{C}$ and
the minimum distance $d(\mathcal{C}/\mathcal{C}')$ between distinct cosets is at least $w > 2t$ then there exists a unique
nearest coset $c + \mathcal{C}'$ with $d(y, c + \mathcal{C}') \leq t$. We describe a coset decoding procedure that returns the
unique coset when the estimate $d(\mathcal{C}/\mathcal{C}') \geq w$ is obtained with Theorem 1.2. The procedure follows
the majority coset decoding procedure in [13,14].

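Shift bound or coset bound (Theorem 1.2): Let $\mathcal{C}/\mathcal{C}_1$ be an extension of $\mathbb{F}$-linear codes with
corresponding extension of dual codes $\mathcal{D}_1/\mathcal{D}$ such that $\dim \mathcal{C}/\mathcal{C}_1 = \dim \mathcal{D}_1/\mathcal{D} = 1$. If there exist vectors
$a_1,\ldots,a_w$ and $b_1,\ldots,b_w$ such that

$$a_i * b_j \in \mathcal{D} \quad \text{for } i + j \leq w,$$
$$a_i * b_j \in \mathcal{D}_1 \setminus \mathcal{D} \quad \text{for } i + j = w + 1,$$

then $d(\mathcal{C}/\mathcal{C}_1) \geq w$.
For a given $x \in \mathcal{D}_1 \setminus \mathcal{D}$, we may assume, after rescaling if necessary, that $a_i * b_{w+1-i} \in x + \mathcal{D}$, for
$i = 1,\ldots,w$. Define the following cosets of $a_i$ and $b_{w+1-i}$, for $i = 1,\ldots,w$,

$$A_i = a_i + \langle a_1,\ldots,a_{i-1} \rangle,$$

$$B_{w+1-i} = b_{w+1-i} + \langle b_1,\ldots,b_{w-i} \rangle.$$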


For $c \in \mathcal{C}$, the coset $c + \mathcal{C}_1$ is uniquely determined by $x \cdot c$. For a given $y \in \mathbb{F}^n$ such that $d(y,\mathcal{C}) \leq t$, the
decoding procedure will look for a pair $a' \in A_i$, $b' \in B_{w+1-i}$ such that, for all $c \in \mathcal{C}$ with $d(y,c) \leq t$,
$(a' * b') \cdot y = x \cdot c$. The vector $a' * b'$ is defined as the Hadamard or coordinate-wise product of the
vectors $a'$ and $b'$. We use $(a' * b') \cdot y = (a' * y) \cdot b'$.


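Theorem A.1 (Decoding up to half the coset bound). Let $2t < w \leq d(\mathcal{C}/\mathcal{C}_1)$, for $\mathcal{C}/\mathcal{C}_1$ and $w$ as in Theorem 1.2.
For $y \in \mathbb{F}^n$ such that $d(y,\mathcal{C}) \leq t$, let

$$I = \{1 \leq i \leq w : (\exists a'_i \in A_i)\ (a'_i * b_j) \perp y,\ 1 \leq j \leq w - i\},$$

$$I^* = \{1 \leq j \leq w : (\exists b'_j \in B_{w+1-j})\ (a_i * b'_j) \perp y,\ 1 \leq i \leq j - 1\}.$$

For every $c \in \mathcal{C}$ with $d(y,c) \leq t$, $x \cdot c = (a'_i * b'_i) \cdot y$, for a majority of $i \in I \cap I^*$.

Proof. For $c \in \mathcal{C}$, let $a'_i \in A_i$ be such that $a'_i * y = a'_i * c$. The vector $a'_i$, if it exists, satisfies $(a'_i * b_j) \cdot y = 0$,
for $j \in \{1,\ldots,w-i\}$. Moreover, for any $b' \in B_{w+1-i}$, $(a'_i * b') \cdot y = (a'_i * b') \cdot c = (a_i * b_{w+1-i}) \cdot c = x \cdot c$.
Let

$$\Gamma = \{1 \leq i \leq w : (\exists a'_i \in A_i)\ a'_i * y = a'_i * c\}, \quad \Delta = \{1 \leq i \leq w\} \setminus \Gamma,$$
$$\Gamma^* = \{1 \leq j \leq w : (\exists b'_j \in B_{w+1-j})\ b'_j * y = b'_j * c\}, \quad \Delta^* = \{1 \leq j \leq w\} \setminus \Gamma^*.$$

We know a priori only the sets $I$ and $I^*$. Clearly, $\Gamma \subset I$ and $\Gamma^* \subset I^*$. Moreover, for $c \in \mathcal{C}$ with
$d(y,c) \leq t$, $|\Delta|, |\Delta^*| \leq t$. For $i \in I \cap I^*$, $(a'_i * b'_i) \cdot y = x \cdot c$ if either $i \in \Gamma$ or $i \in \Gamma^*$. Regardless of
the actual sets $I$ and $I^*$, this is certainly the case if $i \in \Gamma \cap \Gamma^*$ and it fails only when $i \in \Delta \cap \Delta^*$. Now

$$|\Gamma \cap \Gamma^*| - |\Delta \cap \Delta^*| = w - |\Gamma \cap \Delta^*| - |\Gamma^* \cap \Delta| \geq w - 2t > 0.$$

Thus, the majority of $i \in I \cap I^*$ will give a value $(a'_i * b'_i) \cdot y = x \cdot c$.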


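If $\dim \mathcal{C}/\mathcal{C}' > 1$ then the procedure can be applied iteratively to a sequence of extensions $\mathcal{C}' = \mathcal{C}_r \subset
\mathcal{C}_{r-1} \subset \cdots \subset \mathcal{C}_1 \subset \mathcal{C}_0 = \mathcal{C}$ such that $\dim \mathcal{C}_i/\mathcal{C}_{i-1} = 1$, for $i = 1,\ldots,r$. For given $y_0 \in \mathbb{F}^n$ with $d(y_0,\mathcal{C}_0) \leq t$,
the procedure returns the unique coset $c_0 + \mathcal{C}_1$ such that $d(y_0, c_0 + \mathcal{C}_1) \leq t$. At the next iteration,
for $y_1 = y_0 - c_0 \in \mathbb{F}^n$ with $d(y_1,\mathcal{C}_1) \leq t$, the procedure returns the unique coset $c_1 + \mathcal{C}_2$ such that
$d(y_1, c_1 + \mathcal{C}_2) \leq t$, and so on.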

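Let $A = \{A_1 < A_2 < \cdots < A_w\} \subset \Delta_P(C)$ be a sequence of divisors with $A_{i+1} \geq A_i + P$, for $i =
1,\ldots,w-1$. Theorem 5.3 (Main theorem) together with Lemma 4.2 shows that
$d(C_\Omega(D, G - P)/C_\Omega(D,G)) \geq w$, for $G$ such that $C = G - K - P$, and for $D \cap (A_w - A_1) = \emptyset$. We
show how the coset decoding procedure applies to the given extension. For a divisor $A_i \in \Delta_P(C)$,
also $K + C + P - A_i = G - A_i \in \Delta_P(C)$. Thus, there exist functions $f_i \in L(A_i) \setminus L(A_i - P)$ and
$g_i \in L(G - A_i) \setminus L(G - A_i - P)$. Let $(a_i * b_{w+1-j}) = ((f_i g_j)(P_1), \ldots, (f_i g_j)(P_n))$, for $i \leq j$. Then

$$a_i * b_j \in C_L(D,G) \quad \text{for } i + j \leq w,$$
$$a_i * b_j \in C_L(D,G) \setminus C_L(D, G - P) \quad \text{for } i + j = w + 1.$$

Moreover, we have the following interpretation for the sets $\Gamma$, $\Gamma^*$, $\Delta$, $\Delta^*$.

$$i \in \Gamma \Leftrightarrow A_i \in \Gamma_P(Q), \qquad i \in \Delta \Leftrightarrow A_i \in \Delta_P(Q),$$
$$i \in \Gamma^* \Leftrightarrow A_i \in \Delta_P(C - Q), \qquad i \in \Delta^* \Leftrightarrow A_i \in \Gamma_P(C - Q).$$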


Here the divisor $Q$, for $0 \leq Q \leq D$, denotes the support of the error vector $y - c$. The order bound
(Theorem 6.2) and the floor bound (Theorem 2.3) as well as their generalizations the ABZ bound 
for cosets (Theorem 6.5) and the ABZ bound for codes (Theorem 6.7) are all obtained in this paper 
as special cases of the main theorem. Thus, in each case coset decoding can be performed with 
Theorem A.1. 


Appendix B. Notation 


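(Section 1) $\{1,2,\ldots,n\} = \Gamma(\mathcal{D}_1/\mathcal{D}) \cup \Delta(\mathcal{D}_1/\mathcal{D})$: For an extension of $\mathbb{F}$-linear codes $\mathcal{D}_1 \supset \mathcal{D}$ of
length $n$, the coordinate set $\{1,2,\ldots,n\}$ is partitioned into qualified subsets $\Gamma(\mathcal{D}_1/\mathcal{D})$ and unqualified
subsets $\Delta(\mathcal{D}_1/\mathcal{D})$. With Theorem 1.6, the partition is such that a subset $A \subset \{1,2,\ldots,n\}$ belongs to
$\Gamma(\mathcal{D}_1/\mathcal{D})$ if every word in the difference $\mathcal{D}_1 \setminus \mathcal{D}$ has at least one nonzero coordinate in $A$ and it
belongs to $\Delta(\mathcal{D}_1/\mathcal{D})$ otherwise.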

(Section 4) $\Gamma_P = \Gamma_P(C) \cup \Delta_P(C)$: For a rational point $P$, $\Gamma_P$ is the semigroup of divisor classes $A$
with no base point at $P$, that is to say with $L(A) \neq L(A - P)$. For a divisor $C$, the semigroup $\Gamma_P$ is
partitioned into $\Gamma_P(C)$ and $\Delta_P(C)$, with

$$\Gamma_P(C) = \{A : L(A) \neq L(A - P) \wedge L(A - C) \neq L(A - C - P)\},$$
$$\Delta_P(C) = \{A : L(A) \neq L(A - P) \wedge L(A - C) = L(A - C - P)\}.$$

For a finite set of rational points $S$, and for a rational point $P \in S$,

$$\Gamma_S = \bigcap_{Q \in S} \Gamma_Q,$$

$$\Gamma_P(C;S) = \Gamma_P(C) \cap \Gamma_S = \{A \in \Gamma_S : A - C \in \Gamma_P\},$$

$$\Gamma(C;S) = \{A \in \Gamma_S : L(A - C) \neq 0\},$$
$$\Gamma^*(C;S) = \{A \in \Gamma_S : L(A - C) \neq L(-C)\}.$$